this post was submitted on 28 Jul 2023
1868 points (97.7% liked)
Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ
55195 readers
213 users here now
⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.
Rules • Full Version
1. Posts must be related to the discussion of digital piracy
2. Don't request invites, trade, sell, or self-promote
3. Don't request or link to specific pirated titles, including DMs
4. Don't submit low-quality posts, be entitled, or harass others
Loot, Pillage, & Plunder
📜 c/Piracy Wiki (Community Edition):
💰 Please help cover server costs.
Ko-fi | Liberapay |
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I have an always-on vpn container and a transmission server container on my home server. Then I use transmission as a client on my laptop and I don't need to continually connect and disconnect.
Any interest in a how-to guide? I won't get to it for at least two weeks, mind.
Yes!!!
Yes!!!
Implementation of VPN'd torrent client
This is how I torrent over Mullvad. I have no hesitation to recommend Mullvad - but I am not a crypto or security expert.
The main image fails closed - if the VPN goes down, transmission disconnects.
This setup also includes a SOCKS server that proxies your traffic over the same VPN. I use a separate browser (librewolf) and set the SOCKS proxy to :2020 including sending DNS over SOCKS. That's because my country blocks piracy-related sites at the DNS level. If you don't need this, you can delete the socks section of the docker-compose file.
On my ubuntu laptop, I install
transmission-remote-gtk
in order to click on a magnet link and have it added. Otherwise you have to browse to the container's web interface, which gets tiresome.I have this installed as a systemd service so it runs on boot. I use the systemd state and credential features as a safeguard against my own mistakes with permissions, but my long-term goal is to encrypt these files on disk. Linux can be pwned - I have read that around 35% of botnet nodes are linux (although these are presumably mostly weak IoT devices). The secondary benefit of the
LoadCredential
/CREDENTIALS_DIRECTORY
mechanism is that it doesn't expose secrets as environment variables.The p2p.service file needs to be in that path, but you can put the other files wherever you want.
Known issues / todo list
File contents
/root/.secrets/mullvad
:/etc/systemd/system/p2p.service
:/usr/local/bin/p2p/docker-compose.yml
:/usr/local/bin/p2p/sockd.conf
:Steps
sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
sudo systemctl enable p2p
sudo systemctl start p2p
systemctl status p2p
sudo systemd-run -P --wait -p LoadCredential=mullvad:/root/.secrets/mullvad docker compose up --remove-orphans
/usr/local/bin/p2p
and rundocker compose pull
to update the images.Don't need it personally, but someone else might, so definitely post it when you feel like doing some writing.